Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rust: More metrics for tracking taint. #18501

Merged
merged 12 commits into from
Jan 17, 2025
Merged

Rust: More metrics for tracking taint. #18501

merged 12 commits into from
Jan 17, 2025

Conversation

geoffw0
Copy link
Contributor

@geoffw0 geoffw0 commented Jan 15, 2025

Add more metrics for tracking taint flow in Rust. Prior to this PR we have:

  • taint sources, tracked by rust/summary/taint-sources and rust/summary/summary-statistics.
  • sensitive data (which are also commonly used as taint sources), tracked by rust/summary/sensitive-data and rust/summary/summary-statistics.

Which doesn't give us a very complete picture. This PR adds:

  • query sinks, tracked by rust/summary/query-sinks, rust/summary/query-sink-counts and rust/summary/summary-statistics.
  • cryptographic operations (which are also commonly used as taint sinks), tracked by rust/summary/cryptographic-operations and rust/summary/summary-statistics.
  • taint edges (raw count), tracked by rust/summary/summary-statistics.
  • taint reach, tracked by rust/summary/summary-statistics.

Most of these are soon to be added to our DCA runs (for catching regressions) and our metrics tracking page (to inform future work).

In the past people have raised performance concerns about taint reach, but I've never seen a problem in practice. DCA will confirm.

@geoffw0 geoffw0 added no-change-note-required This PR does not need a change note Rust Pull requests that update Rust code labels Jan 15, 2025
@Copilot Copilot bot review requested due to automatic review settings January 15, 2025 17:22
Copilot
Copilot AI reviewed Jan 15, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

Files not reviewed (7)
  • rust/ql/src/queries/summary/CryptographicOperations.ql: Language not supported
  • rust/ql/src/queries/summary/QuerySinkCounts.ql: Language not supported
  • rust/ql/src/queries/summary/QuerySinks.ql: Language not supported
  • rust/ql/src/queries/summary/Stats.qll: Language not supported
  • rust/ql/src/queries/summary/SummaryStats.ql: Language not supported
  • rust/ql/src/queries/summary/TaintReach.qll: Language not supported
  • rust/ql/test/query-tests/diagnostics/SummaryStats.expected: Language not supported

Tip: Copilot code review supports C#, Go, Java, JavaScript, Markdown, Python, Ruby and TypeScript, with more languages coming soon. Learn more

hvitved
hvitved reviewed Jan 16, 2025
View reviewed changes
rust/ql/src/queries/summary/TaintReach.qll
private module TaintReachConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node instanceof ActiveThreatModelSource }

predicate isSink(DataFlow::Node node) { any() }
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This certainly looks like something that will not perform very well...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, though:

  • we don't compute a path graph for this config.
  • we never had any real issues with the same code in Swift.
  • even on our largest database (windows-rs) with a slightly warmed up cache, quick eval-ing getTaintReach() takes 2 seconds. With vast amounts of fake sources etc added to increase reach beyond what I think is ever plausible, 24s.

I'm guessing execution time is roughly linear in the number of nodes reached??? I'd be interested to hear your thoughts, concerns and suggestions - even if this means changing what we measure.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, let's leave it as-is for now then.

paldepind
paldepind approved these changes Jan 16, 2025
View reviewed changes
Copy link
Contributor

@paldepind paldepind left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Really great to have these additional measures 👍

@geoffw0 geoffw0 merged commit 2d0c73a into github:main Jan 17, 2025
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@paldepind paldepind paldepind approved these changes

@hvitved hvitved hvitved left review comments

Copilot code review Copilot Copilot left review comments

Assignees
No one assigned
Labels
no-change-note-required This PR does not need a change note Rust Pull requests that update Rust code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@geoffw0 @paldepind @hvitved